“Six-Strikes” BitTorrent Crackdown May Target Private Trackers

The much-discussed U.S. six strikes anti-piracy scheme should consider targeting private BitTorrent trackers according to a report by Stroz Friedberg. The suggestion is published in the evidence review which was made public after bias accusations arose two weeks ago. In addition to eyeing private trackers the report also recommends a more secure way to send incriminating data to Internet providers.

The MPAA and RIAA, helped by five major Internet providers in the United States, will start to warn and punish copyright infringers later this month.

The parties launched the Center for Copyright Information (CCI) and agreed on a system through which copyright infringers are warned that their behavior is unacceptable. After five or six warnings ISPs may then take a variety of repressive measures.

While it’s broadly described as an anti-piracy effort, the plan currently targets BitTorrent users, and only those who use public trackers. But, this may change in the near future.

Yesterday the CCI published a review of the evidence collecting technology used by tracking company MarkMonitor. The group decided to make a redacted version of the report public after it was revealed that the “independent” expert Stroz Friedberg previously worked for the RIAA.

The review briefly describes how MarkMonitor tracks BitTorrent users. First, the company identifies possibly infringing files and these are then downloaded in full to confirm that they’re real. Next, MarkMonitor requests a piece of the file from a file-sharer, after which it records the IP-address and sends a notice to the alleged infringer’s ISP.

The review concludes that “MarkMonitor’s evidence collection in connection with P2P infringement is robust, defensible, and will withstand adverse party scrutiny or evidentiary challenges.”

However, that doesn’t mean that there’s no room for improvements. The report points out, for example, that MarkMonitor only tracks properly named torrent files that are made available through public BitTorrent trackers, not private ones.

“Consider modifications to the infringement file identification process to include works with obfuscated names, or that are sourced from private trackers,” the report reads.

Unfortunately the paragraph that details this recommendation has been redacted. However, it’s apparent that by including torrents from private trackers the catch rate would be improved therefore boosting the deterrent function of the program.

While private BitTorrent trackers are often considered to be “safer” than public trackers, several of the larger ones are already being monitored by tracking companies. Users of public trackers are the easy pickings for anti-piracy companies, but private trackers can easily be targeted as well.

That said, it may be more of a challenge for MarkMonitor. All users on private trackers – undercover companies like MarkMonitor included – are required to maintain a good ratio of content up and downloaded to preserve their site membership. Doing this without actively participating in the large scale distribution of copyrighted content could prove an issue.

In addition to targeting private BitTorrent trackers, the report also recommends a more secure way to send incriminating data to Internet providers. At the moment the data is sent via email, which is relatively vulnerable to interception.

“Regarding ISP notifications, to the extent possible, move away from reliance on email/SMTP and towards the use of other secure protocols such as HTTPS,” the report reads. Again, the details of this suggestion are redacted.

One minor “flaw” in the report is the claim that “MarkMonitor’s Methodologies effectively identify P2P online copyright infringers,” which is strictly speaking not the case as they only identify IP-addresses.

CCI’s executive director Jill Lesser admits that this may not be the best choice of words indeed, and that no persons can be directly identified.

“You’re right, it’s a question of semantics. The more detailed way to describe the process is that MarkMonitor can only and will only identify the IP addresses associated with the alleged copyright infringement occurring on P2P networks,” Lesser says.

Overall the report answers several important questions and the information that’s made available suggests that MarkMonitor knows what it’s doing.

The “six-strikes” plan is expected to start later this month and as time goes by more questions will be answered, including the possibility that private BitTorrent trackers will be monitored.